Cybersecurity Authority warns of WhatsApp Web Banking Malware targeting Windows users

https://www.gbcghanaonline.com/technology/cybersecurity-authority-warns-of-whatsapp-web-banking-malware-targeting-windows-users/2026/

Publish Date: 2026-01-27 22:48:00

Source Domain: www.gbcghanaonline.com

By: Benjamin Nii Nai Anyetei 

The Cyber Security Authority (CSA) has issued a public alert warning Windows computer users of a new WhatsApp Web–based banking malware campaign that poses serious financial and data security risks. According to the CSA, cybersecurity experts have identified a malicious operation that exploits WhatsApp Web to spread a dangerous banking malware known as Astaroth. The attackers take advantage of the widespread use and trust associated with WhatsApp to deceive users into infecting their computers.

The Authority explains that the malware is designed to steal sensitive banking and login information, exposing both individuals and organisations to potential financial loss and fraud. The campaign highlights evolving cybercriminal tactics, where everyday digital tools are increasingly being weaponised to carry out financial crimes.

How the Attack Works

The CSA says threat actors typically initiate the attack by sending malicious ZIP files to victims through WhatsApp messages. These files are often disguised as legitimate documents or shared under convincing pretexts to encourage recipients to download and open them. Once the ZIP file is extracted and executed on a Windows device, the Astaroth malware is installed. The malware then silently connects to WhatsApp Web, where it retrieves the victim’s contact list and automatically sends similar malicious messages to those contacts—allowing the malware to spread without the victim’s knowledge.

In the background, the malware carries out extensive data harvesting, including the theft of banking login credentials, one-time passwords (OTPs), browser cookies and keystrokes. This information can be used to gain unauthorised access to financial accounts, commit fraud and support further criminal activity.
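The delivery step described above depends on the recipient extracting and running the contents of a ZIP file received over WhatsApp. As an added example (not from the CSA alert or the original article), this Python script lists a ZIP's members without extracting them and flags those that would run code on Windows; the extension lists and the names `triage_zip` and `build_sample` are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: generic Windows file types that run code when opened.
# These lists are not taken from the CSA alert.
RUNNABLE = {".exe", ".scr", ".com", ".msi", ".bat", ".cmd", ".ps1",
            ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk"}
ARCHIVES = {".zip", ".rar", ".7z", ".iso", ".img"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) findings; reads names only, extracts nothing."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    findings = []
    for info in members:
        if info.is_dir():
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        clean = info.filename.replace("\\", "/").rstrip(" .")
        suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
        last = suffixes[-1] if suffixes else ""
        if last in RUNNABLE:
            if len(suffixes) > 1 and suffixes[-2] in DECOYS:
                reason = "double extension hides a runnable type"
            else:
                reason = "runs code when opened"
            findings.append((info.filename, reason))
        elif last in ARCHIVES:
            findings.append((info.filename, "nested archive, inspect separately"))
    return findings


def build_sample(names: list[str]) -> bytes:
    """Constructed sample: an in-memory ZIP whose members hold placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["statement.pdf.lnk", "readme.txt", "tools/setup.hta"])
    for member, reason in triage_zip(sample):
        print(f"{member}: {reason}")
```

An empty result only means no member name matched the lists; it says nothing about the content of the files themselves.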

Safety Recommendations

The Cyber Security Authority is urging the public to exercise caution when downloading or opening ZIP files or unexpected attachments…
